:

CHINESE HACKERS HIT TELCOS WITH NEW LINUX, WINDOWS MALWARE

DEV DESK2 MIN READ
THU, MAY 21, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

A Chinese cyber-espionage campaign is targeting telecommunications providers with newly discovered malware variants. The threats, named Showboat for Linux and JFMBackdoor for Windows, represent an escalating threat to critical infrastructure.

Security researchers have identified a coordinated cyber-espionage operation targeting telecom companies globally. The campaign deploys two distinct malware strains designed to establish persistent backdoor access on compromised systems. Showboat, the Linux variant, and JFMBackdoor, its Windows counterpart, enable attackers to maintain long-term access to infected networks. Both tools exhibit sophisticated command-and-control capabilities, allowing operators to execute arbitrary commands and extract sensitive data. Telecommunications providers represent high-value targets due to their role as critical infrastructure. Successful compromises could enable espionage, surveillance operations, and potential disruption of communications services. The targeting of both Linux and Windows systems suggests a comprehensive operational approach designed to penetrate diverse network environments. Infection vectors include spear-phishing emails and exploitation of known vulnerabilities. The malware variants share code similarities, indicating they originated from the same threat actor group. Attribution analysis points to a Chinese state-sponsored operation, consistent with documented patterns of telecom-sector targeting. The campaign's sophisticated nature—combining custom malware, multi-platform support, and targeted delivery—distinguishes it from commodity threats. Defenders have identified command servers and infrastructure used in distribution, enabling network-based detection. Telecommunications organizations have been advised to implement endpoint detection and response solutions, patch known vulnerabilities, and enhance monitoring of suspicious network activity. The discovery highlights the persistent threat posed by nation-state actors targeting essential services sectors. Industry partners continue analyzing the malware variants to identify additional indicators of compromise and refine defensive measures.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

4H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

4H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

7H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

9H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.